Unfortunately, there are programs that require Java in order to function. In the event you are not in a position to uninstall Java, please update to the latest version, Java 7 Update 17 (correct, Version 16 was skipped).
Although Oracle was planning to wait until April to update Java to address CVE-2013-1493, Java 7 Update 17 was released by Oracle today. Security Alert CVE-2013-1493 addresses two vulnerabilities affecting Java running in web browsers (CVE-2013-1493 and CVE-2013-0809).
If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.
Java Security Recommendations
Although Oracle changed Java security settings to “high” by default, it is advised that users of Java confirm the setting. With the setting at high, you will be prompted to authorize the execution of applets which are either unsigned or are self-signed, thus providing the ability to deny the execution of a potentially malicious applet.
Changing the setting to "Very High" will result in unsigned (sandboxed) apps not being able to run.
1) In the Java Control Panel, set the security to high.
2) Keep Java disabled until needed. Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
(Image via Sophos Naked Security Blog)
3) If you use Firefox, install NoScript and only allow Java on those sites where it is required.
Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml
Download Information
Download link: Java Version 7 Update 17
Verify your version: http://www.java.com/en/download/testjava.jsp
Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
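Where the Control Panel and the test page cannot be checked by hand, the installed version and the two settings recommended above can be checked from the output of `java -version` and the user's deployment.properties file. The following is an added example, not part of the original post; the property names deployment.security.level and deployment.webjava.enabled come from Oracle's deployment configuration rather than from this page, and the sample inputs are constructed.

```python
import re

PATCHED = (7, 17)  # Java 7 Update 17, the release this post recommends

def parse_java_version(banner):
    """Return (major, update) from `java -version` output, or None."""
    m = re.search(r'version "1\.(\d+)\.\d+(?:_(\d+))?', banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)

def is_patched(banner):
    """True when the reported version is Java 7 Update 17 or later."""
    v = parse_java_version(banner)
    return v is not None and v >= PATCHED

def parse_properties(text):
    """Minimal key=value parser for deployment.properties."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_settings(text):
    """Return findings for the two Control Panel settings in this post."""
    props = parse_properties(text)
    findings = []
    level = props.get("deployment.security.level")
    if level is None:
        findings.append("security level not set explicitly; confirm it in the Control Panel")
    elif level.upper() not in ("HIGH", "VERY_HIGH"):
        findings.append("security level is %s, below High" % level)
    # Assumption: an absent key means browser content is still enabled.
    if props.get("deployment.webjava.enabled", "true").lower() != "false":
        findings.append("Java content in the browser is enabled")
    return findings

# Constructed sample inputs (not taken from a real machine).
OLD_BANNER = 'java version "1.7.0_15"'
NEW_BANNER = 'java version "1.7.0_17"'
WEAK_PROPS = "#deployment.properties\ndeployment.security.level=MEDIUM\n"
GOOD_PROPS = "deployment.security.level=HIGH\ndeployment.webjava.enabled=false\n"

if __name__ == "__main__":
    for banner in (OLD_BANNER, NEW_BANNER):
        print(parse_java_version(banner), "patched" if is_patched(banner) else "update needed")
    for props in (WEAK_PROPS, GOOD_PROPS):
        print(audit_settings(props) or "settings match the recommendations")
```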
Critical Patch Updates
For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
- 16 April 2013
- 18 June 2013
- 15 October 2013
- 14 January 2014